1. About this Policy
1.1. This policy explains when and why we collect personal information about our clients, enquirers and supply chain and how we use it, how we keep it secure and your rights in relation to it.
1.3. We may change this policy from time to time, in line with changes in legislation, by updating this page. You should check back to ensure you’re happy with any changes. This policy is effective from 20/4/18 and is reviewed annually in November of each year.
1.4. We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner (www.ico.gov.uk). For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you.
2. Who are we?
2.1. We are Change Q Ltd. We can be contacted at firstname.lastname@example.org
3. What information we collect and why.
3.1. Unless specified we would usually collect your contact name, address, telephone number and email address
3.2. Current and past clients: We hold contact details, job specification and results for our legitimate requirement in order to: complete delivery of the job and to give you the best service; so that we can respond to later enquiries from you with an understanding of your needs and so that we can keep our clients updated on sector developments and services
3.3. Enquirers: We hold contact details and work specification details of enquirers until tender decisions are made and with the enquirer’s consent afterwards so that we can keep them updated with sector developments and services
3.4. Grant making organisations and corporate funders: For some of our work it is necessary to research and temporarily hold details of organisations which provide charitable funding. This is either to assist clients in the preparation of funding applications or to provide contacts for their own funding applications. We temporarily hold these records to enable us to track progress of the application. At completion of the client job we will destroy our copy of these records. Where we pass contact records to clients to enable them to track the history of applications or to make future funding applications we include in our contract a GDPR compliant condition i.e. they must ask for consent in order to store these contacts.
3.5. Data processing for research purposes. Where Change Q delivers quantitative and qualitative research we use data provided by clients and enter a contract to ensure that our handling of this data will be compliant with GDPR regulations. This data will be destroyed at the end of the client assignment.
3.6. Supply chain: We collect contact details and details of the specialisms of our suppliers so that we may allocate resources appropriately and coordinate effective delivery.
4. Who else has access to the information you provide us?
4.1. We will not sell, distribute or lease your personal information to third parties unless we have your permission or if it is necessary in order to deliver services to you or if we are required by law to do so.
4.2. Client data is made available only to those Change Q associates responsible for delivering the assignment
4.3. Associates are bound by contract to comply with this policy and to ensure GDPR compliance and to protect client confidentiality.
5. How we protect your personal data
5.1. We will not transfer your personal data outside the EU without your consent.
5.2. We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
5.3. Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.
5.4. For any payments which we take from you online we will use a recognised online secure payment system.
5.5. We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk
6. You are in control of your data
6.1. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by emailing email@example.com
6.2. You may request details of personal information which we hold about you under the Data Protection Act 1998. We will respond to you within one month of receiving your request. You may also request for your information to be removed at any time.
6.3. If you believe that any information we are holding on you is incorrect or incomplete, please email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.